QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36640

Published: Sep 2, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://influxdata.com

x_refsource_MISC

http://influxdb.com

x_refsource_MISC

http://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx

x_refsource_MISC

https://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb

x_refsource_MISC

https://portal.influxdata.com/downloads/

x_refsource_MISC

https://www.influxdata.com/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.